
CVE-2022-20192
https://notcve.org/view.php?id=CVE-2022-20192
15 Jun 2022 — In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-215912712. • https://source.android.com/security/bulletin/pixel/2022-06-01 •

CVE-2021-39806
https://notcve.org/view.php?id=CVE-2021-39806
15 Jun 2022 — In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker can trigger an initialization failure, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-215387420. • https://source.android.com/security/bulletin/pixel/2022-06-01 • CWE-415: Double Free •

CVE-2022-20147
https://notcve.org/view.php?id=CVE-2022-20147
15 Jun 2022 — In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-221216105. • https://source.android.com/security/bulletin/2022-06-01 • CWE-787: Out-of-bounds Write •

CVE-2022-20143
https://notcve.org/view.php?id=CVE-2022-20143
15 Jun 2022 — In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-220735360. • https://source.android.com/security/bulletin/2022-06-01 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2022-20142
https://notcve.org/view.php?id=CVE-2022-20142
15 Jun 2022 — In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-216631962. • https://github.com/Satheesh575555/frameworks_base_AOSP10_r33_CVE-2022-20142 •

CVE-2022-20140
https://notcve.org/view.php?id=CVE-2022-20140
15 Jun 2022 — In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-227618988. • https://github.com/RenukaSelvar/system_bt_aosp10_cve-2022-20140 • CWE-787: Out-of-bounds Write •

CVE-2022-20138
https://notcve.org/view.php?id=CVE-2022-20138
15 Jun 2022 — In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for an unprivileged app to send the MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-210469972. • https://github.com/ShaikUsaf/ShaikUsaf-frameworks_base_AOSP10_r33_CVE-2022-20138 • CWE-862: Missing Authorization •

CVE-2022-20137
https://notcve.org/view.php?id=CVE-2022-20137
15 Jun 2022 — In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-206986392. • https://source.android.com/security/bulletin/2022-06-01 • CWE-862: Missing Authorization •

CVE-2022-20135
https://notcve.org/view.php?id=CVE-2022-20135
15 Jun 2022 — In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-220303465. • https://source.android.com/security/bulletin/2022-06-01 •

CVE-2022-20134
https://notcve.org/view.php?id=CVE-2022-20134
15 Jun 2022 — In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-218341397. • https://source.android.com/security/bulletin/2022-06-01 • CWE-20: Improper Input Validation •